Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-3F45-MMR7-7F4P

Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2022-07-14 00:00
VLAI
Details

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-06T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.",
  "id": "GHSA-3f45-mmr7-7f4p",
  "modified": "2022-07-14T00:00:20Z",
  "published": "2022-07-07T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46687"
    },
    {
      "type": "WEB",
      "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin"
    },
    {
      "type": "WEB",
      "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FC3-XGJX-F77W

Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-01 00:00
VLAI
Details

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-26T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.",
  "id": "GHSA-3fc3-xgjx-f77w",
  "modified": "2022-09-01T00:00:24Z",
  "published": "2022-08-27T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36226"
    },
    {
      "type": "WEB",
      "url": "https://github.com/we1h0/SiteServer-CMS-Remote-download-Getshell"
    },
    {
      "type": "WEB",
      "url": "https://www.slpyue.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FQC-QP8W-RR4H

Vulnerability from github – Published: 2022-04-29 00:00 – Updated: 2022-05-10 00:00
VLAI
Details

A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-28T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.",
  "id": "GHSA-3fqc-qp8w-rr4h",
  "modified": "2022-05-10T00:00:34Z",
  "published": "2022-04-29T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22783"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FW2-3G64-5H2V

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-14 00:00
VLAI
Details

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.",
  "id": "GHSA-3fw2-3g64-5h2v",
  "modified": "2022-09-14T00:00:44Z",
  "published": "2022-09-14T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35837"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3H2X-CPJG-QQ3M

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-11T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.",
  "id": "GHSA-3h2x-cpjg-qq3m",
  "modified": "2022-05-13T01:44:34Z",
  "published": "2022-05-13T01:44:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18073"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HVJ-CH28-P4X7

Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30
VLAI
Details

VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T17:16:37Z",
    "severity": "HIGH"
  },
  "details": "VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM.",
  "id": "GHSA-3hvj-ch28-p4x7",
  "modified": "2026-01-22T18:30:41Z",
  "published": "2026-01-22T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23763"
    },
    {
      "type": "WEB",
      "url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"
    },
    {
      "type": "WEB",
      "url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23763"
    },
    {
      "type": "WEB",
      "url": "https://vb-audio.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vb-audio-matrix-drivers-local-privilege-escalation-via-kernel-memory-exposure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3J7C-P7JW-Q87H

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:28
VLAI
Details

cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-01T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).",
  "id": "GHSA-3j7c-p7jw-q87h",
  "modified": "2024-04-04T01:28:02Z",
  "published": "2022-05-24T16:52:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10840"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/54+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JX4-Q2M7-R496

Vulnerability from github – Published: 2026-03-04 19:21 – Updated: 2026-03-04 19:21
VLAI
Summary
OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations
Details

Summary

In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.

By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only apply_patch checks).

Impact

  • Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.
  • Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published version at triage time: 2026.2.24
  • Affected range: <= 2026.2.24
  • Planned patched version: 2026.2.25

Fix Commit(s)

  • 04d91d0319b82fd4de91ed05e9fc5219ff2ab64e (main)

Remediation

OpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for: - workspace-only path checks (read / write / edit) - workspace-only apply_patch read/write paths - sandbox mount-root path-safety checks

Regression tests were added for apply_patch, workspace fs tools, and sandbox fs bridge hardlink alias escapes.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.24"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-04T19:21:04Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nIn certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.\n\nBy default, `tools.fs.workspaceOnly` is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only `apply_patch` checks).\n\n### Impact\n- Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.\n- Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version at triage time: `2026.2.24`\n- Affected range: `\u003c= 2026.2.24`\n- Planned patched version: `2026.2.25`\n\n### Fix Commit(s)\n- `04d91d0319b82fd4de91ed05e9fc5219ff2ab64e` (main)\n\n### Remediation\nOpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for:\n- workspace-only path checks (`read` / `write` / `edit`)\n- workspace-only `apply_patch` read/write paths\n- sandbox mount-root path-safety checks\n\nRegression tests were added for `apply_patch`, workspace fs tools, and sandbox fs bridge hardlink alias escapes.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-3jx4-q2m7-r496",
  "modified": "2026-03-04T19:21:04Z",
  "published": "2026-03-04T19:21:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations"
}

GHSA-3M9Q-9522-7FX6

Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00
VLAI
Details

Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-12T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.",
  "id": "GHSA-3m9q-9522-7fx6",
  "modified": "2022-07-17T00:00:45Z",
  "published": "2022-07-13T00:01:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33699"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3MP9-X5Q5-63W3

Vulnerability from github – Published: 2022-10-28 19:00 – Updated: 2022-10-28 19:00
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-28T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration\u0027s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.",
  "id": "GHSA-3mp9-x5q5-63w3",
  "modified": "2022-10-28T19:00:30Z",
  "published": "2022-10-28T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2882"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1656722"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/371082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.